Authorization/Scope Mismatch Error When Connecting Hubspot

Queries and Resources
1

I want to connect my Hubspot instance to be able to read/write Contacts and Deals from workflows.

It appears by default that "crm.objects.contacts.read" is the only scope authorized.

CleanShot 2024-10-28 at 16.14.41@2x
CleanShot 2024-10-28 at 16.14.41@2x2880×1098 160 KB

I'm able to connect with OAuth successfully using only this scope, but once I add additional scopes I get the following error.

Authorization failed because there is a mismatch between the scopes in the install URL and the app's configured scopes. Please contact the app developer.

This happens if I try to add the scopes before establishing the initial connection, or after establishing the initial connection and using the "Reconnect" option.

Has anyone encountered this before? Do I have to set scopes from the Hubspot side as well? Does that need to be done from a Hubspot Developer account rather than a standard account?

Thanks in advance

2

Same here.

1 Like
3

Hi @henrymeiklejohn! And welcome to the community, @wwwhatley. :slightly_smiling_face:

Generally speaking, OAuth2 apps do need to be configured with specific scopes when set up on the resource side of things. As such, this seems like an issue with the HubSpot integration. I'll talk to the team about a fix!

In the meantime, it's pretty easy to set up OAuth2 for a regular REST API query and to integrate with HubSpot that way! Note that this does require a developer account on HubSpot, though.

Let me know if you have any questions about implementing the above workaround. I'll also keep you updated here. :+1:

4

Thanks for the suggestion @Darren. I've started the REST API setup with OAuth2 and still running into the same error. Here are the settings I'm trying to figure out on the resource setup:

Settings I feel confident on:

Settings I'm confused on:

From my app, Hubspot gives the install URL: https://app.hubspot.com/oauth/authorize?client_id=SANITIZED&redirect_uri=https://oauth.retool.com/oauth/user/oauthcallback&scope=crm.schemas.contacts.write%20oauth%20crm.objects.appointments.read%20crm.objects.appointments.write%20crm.objects.custom.read%20crm.objects.custom.write%20crm.objects.deals.read%20crm.schemas.contacts.read%20crm.objects.deals.write

I've tried using this directly in the Authoeization URL and I get the same error. Not sure if the other query parameters in there are causing issues.

5

These are the settings that work for me:

image
image1364×976 53.5 KB

Retool will construct the full URL based on the information you specify here! As far as scopes are concerned, it's important that you specify them both in Retool and in the configuration of the HubSpot app:

image
image2068×698 69.9 KB

Give that a shot and let me know if you still run into any issues!

6

Made some progress, I was able to connect the resource, however now when I try to run a query I get this error:

error:"{"status":"error","message":"Authentication credentials not found. This API supports OAuth 2.0 authentication and you can find more details at https://developers.hubspot.com/docs/methods/auth/oauth-overview","correlationId":"00000000-0000-0000-3cbe-c77ad31a020d","category":"INVALID_AUTHENTICATION"}

CleanShot 2024-10-31 at 15.20.16@2x
CleanShot 2024-10-31 at 15.20.16@2x1560×1168 70.3 KB

7

In the resource configuration, make sure you add an Authorization header with a value of Bearer OAUTH2_TOKEN. I neglected to include that in my earlier screenshot!

8

Thanks, that fixed it, silly oversight on my part.

The REST API resource will work nicely as a temporary (or perhaps permanent) workaround, but I'd definitely like to stay updated for any fixes on the native integration.

1 Like
9

For sure! I'll keep you updated.

10

I believe I'm getting a similar error. I am trying to create an app for Real Time Updates to a 3rd party dialer (Connex)

Connex has a marketplace item for this to be done, where we enter the client id/secret/other details and then authorize through Hubspot. I am getting the error "Authorization failed because there is a mismatch between the scopes in the install URL and the app's configured scopes. Please contact the app developer."

This is my install URL https://app.hubspot.com/oauth/authorize?client_id=99475399-12a5-471e-aa34-166e3876307d&redirect_uri=https://claim247-cxm.uk.connexone.cloud/integrations/hubspot-app/authorize-workspaces&scope=oauth%20crm.objects.contacts.read

And these are the configured scopes

image
image1052×386 24.5 KB

Unless this is a Hubspot issue, the only thing I can think is that I need to set some of my scopes to be either conditionally required or optional? But not sure why that would be the case.

1 Like
11

Hi @Pierce_Cosgrove! Welcome to the community. :slightly_smiling_face:

I'm afraid I can't be of much help, as it looks like this is an issue with integrating two non-Retool resources. That said, you're probably right that the root of the issue is a similar one - the scopes listed in the initial authorization request being made from Connex to HubSpot don't match up with the scopes that have been configured.

I hope that gives you some guidance, but will leave this conversation open for anybody else from the community to jump in. :+1:

12

Hello, revisiting this topic as I'm having difficulty connecting my Hubspot Sandbox account as the Staging Environment for this resource.

After I click "Reconnect with OAuth", I see a screen where I can select which Hubspot account to connect to.

CleanShot 2024-11-08 at 13.23.42
CleanShot 2024-11-08 at 13.23.42792×595 37.5 KB

The problem is that whatever selection I make gets applied to both environments (Prod and Staging).

What can I do to have each one connect to the correct account?

Should I create a new app in my Hubspot Developer account (with new client credentials) specifically for the Sandbox?

13

Hi @Darren - any update to the scope error when using the native HubSpot integration? Thanks!